[keycloak-dev] Availability During Upgrades

[Josh Cain]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Yeah... until we get rolling updates, we just:

 - re-route traffic to secondary datacenter
 - kill all nodes in primary, run db scripts, and bring nodes back up
 - validate primary DC
 - switch traffic back to primary DC
 - Do the same for secondary DC

Be careful here though - atm we don't have cross-datacenter
replication turned on (we have an external source of truth for user
information).  If you have that, you're going to have to break the
link and deal with potential data loss/sync issues in order to get
this to work.

Another +1 for "we'd really like this going forward!"

Josh Cain
Senior Software Applications Engineer, RHCE
Red Hat North America
jcain at redhat.com IRC: jcain

On 05/03/2018 08:42 AM, Bill Burke wrote:
> We had a recent Sprint to investigate rolling upgrades.  This was 
> investigation only.  I believe we have some plans for this down
> the road, but it isn't something we support at the moment.  From
> what I remember, I believe that its more a matter of process and
> testing. Process being to make sure that db schema changes and user
> session serialization is backward compatible.  Testing to ensure
> and verify the process.  Marek and Hynek might be able to give you
> more info.
> 
> On Thu, May 3, 2018 at 9:17 AM, gambol <gambol99 at gmail.com> wrote:
>> Hiya
>> 
>> I was wondering if anyone has any recommendation in regard to 
>> high-availability during upgrades? or how people are handling
>> service availability during a service update?  Where as before we
>> had leeway for the occasional midnight 30 downtime, as more
>> projects on-aboard this is soon reaching the point where
>> scheduled downtime unless an absolute emergency isn't
>> acceptable.
>> 
>> Rohith _______________________________________________ 
>> keycloak-dev mailing list keycloak-dev at lists.jboss.org 
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 
> 
> 
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyXW6Vl+0L9r9LpVurGNtyYPQwPgFAlr7ARsACgkQrGNtyYPQ
wPhCFRAAimYxaao0o1bM6I8k9zPZKdjNG4uFqdnXe868sBHwlcdNSlZoXPl8+DmU
72SiYbjIG5XGoVRxxIFVWFWh9IdXsrLEztMXP9vx7wksXd8dDytaXAey1n0Si2+F
mbwjasGV17dd3c/toDpoR+4CRVZLPQXgzYEXColj/8sEbpLlnGUbFs/JWK5wMrPD
28bmLL9p3BRwbD1B/exOcgatjJ06iqT+pu3RTbgvFdldXc0WfOzkzgt+kJzOCdm5
cbpXqB1oxxneH6vvwfKtZq8e6cOcQyxdTwd6Yb8hhPmtBXOgyVxsKptSKMlRQ04B
zuZC/BniJCTlGs1S7s+IuEU/uNoP4NkE0Kz0/APYm/XWlNuLIHpMPmqoAcg+eTgg
qwPxwOovr1dXXid83q0BlAFwH8LDZRAXumqeUumCAwfn+X94YYRkhS/mROE7gWjP
wWrPoHi5cpA7sWcz01PRD4RR5SdVq3dOyOOc7+t6MY/LUeP+k6Mhrd18xQ4sYn3H
9NUOFih9mGYds404JOmPDCJYc9Bm+GQp3gRJHfFfsc633EHpGA8gY+KowVUpOAsm
cS6ipKgH3AtW08ce+mOXi+ZT8TNvo31yXiKYhBI3/+3C3t/GX6R9EZ1tR29Fx9wf
22z/ysWJphRhJlWbB4sz8GeXeWk28pkTYPa5360AX04nBL7Ur+o=
=oIkN
-----END PGP SIGNATURE-----